
Troj/Agent-BFYM information


Troj/Agent-BFYM is Sophos' detection name for a sample that most of the antivirus engines listed below also classify as malicious. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware manually may take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; a full scan and clean-up are available during the trial period.
6-day free trial available.

What can the Troj/Agent-BFYM virus do?

The behaviours below were recorded in a CAPE sandbox run of the sample:

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
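Two of the behaviours above leave host artifacts that can be checked without a sandbox: the scheduled task created through a Windows utility and the modified proxy settings. The script below is an added example, not the page's or GridinSoft's code. It parses the XML format in which Windows stores each scheduled task under C:\Windows\System32\Tasks and flags tasks whose action runs from a user-writable directory, invokes a built-in utility such as schtasks, reg or netsh, or rewrites the Internet Settings proxy values. The two task documents embedded in it are constructed samples; the paths, task author and heuristics are assumptions, not artifacts recovered from this sample.

```python
"""Triage Task Scheduler XML for persistence and proxy changes (added example)."""
import os
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Locations a legitimate scheduled task rarely executes from (compared lower-case).
SUSPICIOUS_DIRS = (
    r"\appdata\local\temp", r"\appdata\roaming", r"\users\public",
    r"\programdata", "%temp%", "%appdata%", "%localappdata%",
)
# Built-in utilities commonly abused to persist or to change proxy settings.
LOLBINS = {
    "schtasks.exe", "reg.exe", "netsh.exe", "powershell.exe", "cmd.exe",
    "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
}
PROXY_RE = re.compile(r"internet settings.*(proxyserver|proxyenable|autoconfigurl)")

# Constructed sample (assumption): a logon task that runs a copy dropped in
# %APPDATA% and points the system proxy at a local port via reg.exe.
SUSPICIOUS_TASK = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>DESKTOP-EXAMPLE\\user</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\\Users\\user\\AppData\\Roaming\\svchost.exe</Command></Exec>
    <Exec>
      <Command>reg.exe</Command>
      <Arguments>add "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" /v ProxyServer /t REG_SZ /d 127.0.0.1:8080 /f</Arguments>
    </Exec>
  </Actions>
</Task>
"""

# Constructed sample of an ordinary system task, for comparison.
BENIGN_TASK = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>Microsoft Corporation</Author></RegistrationInfo>
  <Actions Context="Author">
    <Exec><Command>%windir%\\system32\\svchost.exe</Command></Exec>
  </Actions>
</Task>
"""


def parse_task(xml_text):
    """Return the author and the (command, arguments) pairs of one task document.

    Task files on disk are UTF-16 and say so in their XML declaration; expat
    rejects a str that carries a multi-byte encoding declaration, so the
    declaration is dropped once the file has already been decoded.
    """
    xml_text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    root = ET.fromstring(xml_text)
    author = root.findtext("t:RegistrationInfo/t:Author", default="", namespaces=NS)
    actions = []
    for ex in root.findall("t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", default="", namespaces=NS).strip()
        args = ex.findtext("t:Arguments", default="", namespaces=NS).strip()
        actions.append((cmd, args))
    return {"author": author, "actions": actions}


def score_task(task):
    """Return human-readable reasons why the task looks like malware persistence."""
    reasons = []
    for cmd, args in task["actions"]:
        line = f"{cmd} {args}".lower()
        exe = re.split(r"[\\/]", cmd.strip('"')).pop().lower()
        if exe and not exe.endswith(".exe"):
            exe += ".exe"                       # "reg" and "reg.exe" are the same tool
        if any(d in line for d in SUSPICIOUS_DIRS):
            reasons.append(f"runs from user-writable path: {cmd}")
        if exe in LOLBINS:
            reasons.append(f"action is a Windows utility: {exe}")
        if PROXY_RE.search(line):
            reasons.append("action rewrites Internet Settings proxy values")
    return reasons


def scan_tasks_dir(tasks_dir=r"C:\Windows\System32\Tasks"):
    """Walk the on-disk task store (Windows only) and yield (path, reasons) for hits."""
    for dirpath, _, files in os.walk(tasks_dir):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-16") as fh:
                    reasons = score_task(parse_task(fh.read()))
            except (OSError, UnicodeError, ET.ParseError):
                continue
            if reasons:
                yield path, reasons


if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS_TASK), ("benign", BENIGN_TASK)):
        print(label, score_task(parse_task(xml)))
    for path, reasons in scan_tasks_dir():      # yields nothing off Windows
        print(path, reasons)
```

On a live host, run it as an administrator so the task store is readable, and treat the output as a shortlist for manual review rather than a verdict: legitimate installers also register tasks that call cmd.exe or run from ProgramData.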

How to identify Troj/Agent-BFYM?


File Info:

name: 9CC0050A1892A9401968.mlw
path: /opt/CAPEv2/storage/binaries/053f6264fd59ef97308f8f7f2787228be4be34aa52c3ec35a014da312c18e34a
crc32: F25271EB
md5: 9cc0050a1892a94019686ab8fbd965af
sha1: 61c418df73c78498ee62642a45885227201f44c3
sha256: 053f6264fd59ef97308f8f7f2787228be4be34aa52c3ec35a014da312c18e34a
sha512: 00ed2d0d59b12894de9a48b92f0a29da6e023d2769878340d73697a09f0277acd26737d3bfcf5ace0033561c04056e9fc5e02e1d11df4cf5e5f1eaf3fa44a9e3
ssdeep: 12288:b7gdwgpWi+j5N2Jbsb7Lf8sjhtiKfl3E/e257EP:461i+j5SC8svflge257EP
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1ACB4239526F8C92FD5501E3B4A2FFF74D247129A12F35156B8C262DCDB42E0EC9A0AF4
sha3_384: a64ad5e388d86d9eb250bb5d735a45f7f80de2f5e6587c118b533f2312cec1ca73522322aa85642ac48b71b99fb98c50
ep_bytes: 60be3248b88d4321debb309e53f2be00
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]
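The File Info block gives everything needed to recognise this exact file and to reproduce the packing indicators from the behaviour list: the three hashes, the entry-point bytes (the leading 0x60 is PUSHAD, the first instruction of the usual UPX decompression stub) and a link timestamp of 1970-01-01, which means the field is zero. The script below is an added example, not the page's or CAPE's code, and uses only the Python standard library. It hashes a file and compares it with the published md5/sha1/sha256, walks the PE headers to list section names, the timestamp and the first 16 bytes at the entry point, and reports UPX or unknown section names, a zero timestamp and an ep_bytes match. build_sample_pe() returns a constructed header skeleton so the script runs offline; it is not the real sample and its hashes will not match.

```python
"""Static PE triage against the File Info indicators above (added example)."""
import hashlib
import struct
import sys

# Indicators copied from the File Info block on this page.
KNOWN_HASHES = {
    "md5": "9cc0050a1892a94019686ab8fbd965af",
    "sha1": "61c418df73c78498ee62642a45885227201f44c3",
    "sha256": "053f6264fd59ef97308f8f7f2787228be4be34aa52c3ec35a014da312c18e34a",
}
KNOWN_EP_BYTES = bytes.fromhex("60be3248b88d4321debb309e53f2be00")  # 0x60 = PUSHAD
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}
# Names a normal toolchain emits; anything else is reported as "unknown".
COMMON_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                   ".rsrc", ".reloc", ".tls", ".pdata", ".xdata", ".CRT"}


def hash_bytes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_known_hashes(hashes):
    """True if any computed digest equals the digest published on this page."""
    return any(hashes.get(alg) == digest for alg, digest in KNOWN_HASHES.items())


def parse_pe(data):
    """Read the COFF header, AddressOfEntryPoint and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10b = PE32, 0x20b = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": machine, "magic": magic, "timestamp": timestamp,
            "entry_rva": entry_rva, "sections": sections}


def entry_bytes(pe, data, n=16):
    """Map the entry RVA to a file offset through the section that holds it."""
    for s in pe["sections"]:
        if s["vaddr"] <= pe["entry_rva"] < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + (pe["entry_rva"] - s["vaddr"])
            return data[off:off + n]
    return b""


def triage(data):
    """Hashes, section names, entry bytes and packing indicators for one file."""
    hashes = hash_bytes(data)
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    indicators = []
    upx = [n for n in names if n in UPX_SECTIONS]
    if upx:
        indicators.append("UPX section names present: " + ", ".join(upx))
    unknown = [n for n in names if n not in COMMON_SECTIONS | UPX_SECTIONS]
    if unknown:
        indicators.append("unknown section names (possible packer): " + ", ".join(unknown))
    if pe["timestamp"] == 0:
        indicators.append("link timestamp is 0 (1970-01-01), typical of packed or stripped builds")
    ep = entry_bytes(pe, data)
    if ep == KNOWN_EP_BYTES:
        indicators.append("entry-point bytes match the page's ep_bytes")
    return {"hashes": hashes, "ioc_match": match_known_hashes(hashes),
            "sections": names, "ep_bytes": ep.hex(), "indicators": indicators}


def build_sample_pe():
    """Constructed PE32 skeleton: UPX0/UPX1 sections, zero timestamp, page's ep_bytes.

    Exercises the parser only; it is not a loadable binary and not the real sample.
    """
    entry_rva = 0x2010
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)     # i386, 2 sections, ts 0
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva) + b"\0" * 204
    sec = struct.pack("<8sIIII", b"UPX0", 0x1000, 0x1000, 0, 0) + b"\0" * 16
    sec += struct.pack("<8sIIII", b"UPX1", 0x1000, 0x2000, 0x200, 0x200) + b"\0" * 16
    header = dos + b"PE\0\0" + coff + opt + sec
    raw = bytearray(0x200)
    raw[0x10:0x20] = KNOWN_EP_BYTES                                     # entry = UPX1 + 0x10
    return bytes(header.ljust(0x200, b"\0") + raw)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py suspect.exe` to check a file you have isolated. A hash match identifies only this exact file; the generic and heuristic detection names below show that vendors catch it by behaviour and packing, so a repacked variant will fail the hash check while still tripping the section-name and timestamp indicators.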

Troj/Agent-BFYM also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Razy.576052
FireEye: Generic.mg.9cc0050a1892a940
ALYac: Gen:Variant.Razy.576052
Malwarebytes: Malware.Heuristic.1003
VIPRE: Gen:Variant.Razy.576052
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0057984e1 )
BitDefender: Gen:Variant.Razy.576052
K7GW: Trojan ( 0057984e1 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/S-91c2cc44!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.EBQH
Cynet: Malicious (score: 100)
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Trojan:Win32/Injector.08171307
Tencent: Win32.Trojan.Generic.Pzfl
Emsisoft: Gen:Variant.Razy.576052 (B)
F-Secure: Heuristic.HEUR/AGEN.1200606
DrWeb: Trojan.Inject4.12086
Zillya: Trojan.Injector.Win32.786154
TrendMicro: PAK_Xed-10
McAfee-GW-Edition: BehavesLike.Win32.Generic.gm
Sophos: Troj/Agent-BFYM
Ikarus: Trojan.Win32.Injector
GData: Gen:Variant.Razy.576052
Jiangmin: Trojan.Generic.gnerb
Avira: HEUR/AGEN.1200606
Antiy-AVL: GrayWare/Win32.Kryptik.ffp
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Arcabit: Trojan.Razy.D8CA34
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Ymacco.AA05
Google: Detected
AhnLab-V3: Malware/Win32.RL_Generic.R263763
Acronis: suspicious
McAfee: GenericRXMP-FY!9CC0050A1892
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Wacatac
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: PAK_Xed-10
Rising: Trojan.Kryptik!1.D12D (CLASSIC)
Yandex: Trojan.Injuke!G5E6pNEk6G4
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.EBQH!tr
BitDefenderTheta: Gen:NN.ZexaF.36308.EmW@aa@cnPk
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.a1892a
Avast: Win32:Evo-gen [Trj]

How to remove Troj/Agent-BFYM?

Troj/Agent-BFYM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Because the sample registers a scheduled task and modifies proxy settings (see the behaviour list above), also review Task Scheduler entries and the system proxy configuration after the scan.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
